Rising Kaka Security Forum (瑞星卡卡安全论坛)
风在都市 - 2006-8-21 9:42:00
Recently a file called oprar.exe keeps showing up in my temporary files folder. After I delete it, it always comes back, and deleting the related registry entries does not help either. The system also keeps reporting an error when it calls cmd.exe, and at boot a "System error, needs to close" prompt pops up. Does anyone know what this thing is and how to remove it?
westbeck - 2006-8-21 10:03:00
It should be a virus...
Clean out the temporary files folder...
Please download System Repair Engineer, choose "Smart Scan" and press the "Scan" button. When the scan finishes, press the "Save Report" button to save the report log file (SREng.LOG), then copy and paste the contents of the saved log file here.
Download links
http://www.kztechs.com/sreng/sreng2.zip
http://forum.ikaka.com/topic.asp?board=67&artid=5188931
If the log does not fit in one post, paste it in several parts; please do not modify it. Thanks...
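The following is an added example, not part of the original thread and not code from the SREng tool: a small Python script that parses the startup-item section of an SREng log in the layout pasted later in this thread (a [HKEY_...] key header followed by one <name><command> [vendor] line per value) and attaches review reasons to each entry. The sample log text, the heuristics (empty vendor string, bare filename resolved through the search path, non-code file extension, name one edit away from a core Windows binary) and the SYSTEM_NAMES list are constructed for illustration; a flagged entry is a candidate for a closer look, not a verdict.

```python
import os
import re
from typing import Dict, List

# Constructed sample in the layout SREng uses for its "startup items / registry"
# section. The lines mirror the shape of those pasted in this thread but are
# embedded here so the script runs offline.
SAMPLE_LOG = """\
[HKEY_CURRENT_USER\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
<ctfmon.exe><D:\\WINDOWS\\System32\\ctfmon.exe> [Microsoft Corporation]
<Windows Security Protocol><win32sprot.exe> []
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\Run]
<TkBellExe><"D:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe" -osboot> [RealNetworks, Inc.]
<Local Security Authority Service><D:\\WINDOWS\\System32\\lssas.exe> []
[HKEY_LOCAL_MACHINE\\Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows]
<AppInit_DLLs><KB455373M.LOG> []
<load><> []
"""

KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
ENTRY_RE = re.compile(r"^<([^>]*)><([^>]*)>\s*\[([^\]]*)\]$")

# Assumed short list of core Windows binaries whose names are often imitated.
SYSTEM_NAMES = {"lsass.exe", "svchost.exe", "csrss.exe", "smss.exe",
                "services.exe", "winlogon.exe", "explorer.exe"}
# Extensions one expects for something loaded as code from an autorun entry.
CODE_EXTS = {".exe", ".dll", ".com", ".scr", ".ocx", ".sys", ".cpl"}


def executable_of(command: str) -> str:
    """Return the program part of a command line (quoted path or first token)."""
    command = command.strip()
    if not command:
        return ""
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0]


def edit_distance(a: str, b: str) -> int:
    """Optimal string alignment distance: insert/delete/substitute plus adjacent swap."""
    d = [[0] * (len(b) + 1) for _ in range(len(a) + 1)]
    for i in range(len(a) + 1):
        d[i][0] = i
    for j in range(len(b) + 1):
        d[0][j] = j
    for i in range(1, len(a) + 1):
        for j in range(1, len(b) + 1):
            cost = 0 if a[i - 1] == b[j - 1] else 1
            d[i][j] = min(d[i - 1][j] + 1, d[i][j - 1] + 1, d[i - 1][j - 1] + cost)
            if i > 1 and j > 1 and a[i - 1] == b[j - 2] and a[i - 2] == b[j - 1]:
                d[i][j] = min(d[i][j], d[i - 2][j - 2] + 1)
    return d[len(a)][len(b)]


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Parse SREng registry-startup lines into dicts tagged with their registry key."""
    entries, current_key = [], ""
    for line in log_text.splitlines():
        line = line.strip()
        key = KEY_RE.match(line)
        if key:
            current_key = key.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            name, command, vendor = (s.strip() for s in m.groups())
            entries.append({"key": current_key, "name": name,
                            "command": command, "vendor": vendor})
    return entries


def triage(log_text: str) -> List[Dict[str, object]]:
    """Attach review reasons to each entry; an empty reason list means nothing odd."""
    results = []
    for e in parse_entries(log_text):
        reasons = []
        exe = executable_of(e["command"])
        base = os.path.basename(exe.replace("\\", "/")).lower()
        ext = os.path.splitext(base)[1]
        if exe and not e["vendor"]:
            reasons.append("no vendor/version info in the binary")
        if exe and "\\" not in exe and "/" not in exe:
            reasons.append("bare filename, resolved through the search path")
        if exe and ext not in CODE_EXTS:
            reasons.append(f"unusual extension {ext!r} loaded as code")
        if base and base not in SYSTEM_NAMES and \
                any(edit_distance(base, s) == 1 for s in SYSTEM_NAMES):
            reasons.append("name is one edit away from a core Windows binary")
        results.append({**e, "exe": base, "reasons": reasons})
    return results


if __name__ == "__main__":
    for r in triage(SAMPLE_LOG):
        if r["reasons"]:
            print(f"{r['name']!r} -> {r['command']!r}: " + "; ".join(r["reasons"]))
```

Run as a script it prints only the entries that collected at least one reason. The same checks apply to the RunServices, Winlogon and AppInit_DLLs lines of the logs pasted in this thread; the key design choice is that each heuristic is independent and explains itself, so a reader can see why an entry was flagged and decide what to verify next (file location, digital signature, hash lookup) rather than trusting a single score.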
jy02207205 - 2006-8-21 11:00:00
Thanks. I happen to have this oprar.exe as well..
病毒天怒 - 2006-8-21 11:03:00
Me too!
jy02207205 - 2006-8-21 11:04:00
Do I paste it in here?
jy02207205 - 2006-8-21 11:17:00
2006-08-21,10:54:05
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows XP Professional Service Pack 1 (Build 2600)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
浏览器加载项
正在运行的进程(包括进程模块信息)
文件关联
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><D:\WINDOWS\System32\ctfmon.exe> [Microsoft Corporation]
<Windows Security Protocol><win32sprot.exe> []
<Win32 Security Protocol><secure32.exe> []
<Intec Drivers32><intec32.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices]
<Intec Drivers32><intec32.exe> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<IMJPMIG8.1><"D:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32> [Microsoft Corporation]
<PHIME2002ASync><D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC> [Microsoft Corporation]
<PHIME2002A><D:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName> [Microsoft Corporation]
<ATIPTA><D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe> [ATI Technologies, Inc.]
<YLive.exe><D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe> [ ]
<NVMixerTray><"D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe"> [NVIDIA Corporation]
<SKYNET Personal FireWall><D:\其他\天网防~1\Firewall\pfw.exe> [广州众达天网技术有限公司]
<msconfig38><mssvcc.exe> []
<TkBellExe><"D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<Win32 Kernel Update><D:\WINDOWS\System32\win32update.exe> []
<Microsoft (R) Windows Update Manager Tool><D:\WINDOWS\update\updmangr.exe> []
<VVSN><D:\Program Files\VVSN\VVSN.exe> [WhenU.com]
<DAEMON Tools><"D:\其他\DAEMON Tools\daemon.exe" -lang 1033> [DT Soft Ltd.]
<winsystems25><winsystems.exe> []
<Windows Security Protocol><win32sprot.exe> []
<Win32 Security Protocol><secure32.exe> []
<Windows Core Kernel Update><D:\WINDOWS\System32\win32bootcfg.exe> []
<Windows Update Manager><win32.exe> []
<CnsMin><Rundll32.exe D:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32> [北京三七二一科技有限公司]
<Local Security Authority Service><D:\WINDOWS\System32\lssas.exe> []
<Intec Drivers32><intec32.exe> []
<HF_GameClient><D:\其他\浩方对战平台\gameclient.exe> [上海浩方在线信息技术有限公司]
<RemoteControl><D:\其他\1234\PDVDServ.exe> [Cyberlink Corp.]
<LanguageShortcut><D:\其他\1234\Language\Language.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunServices]
<msconfig38><mssvcc.exe> []
<winsystems25><winsystems.exe> []
<Windows Security Protocol><win32sprot.exe> []
<Win32 Security Protocol><secure32.exe> []
<Windows Update Manager><win32.exe> []
<Intec Drivers32><intec32.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><D:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><KB455373M.LOG> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
<DLMon><D:\WINDOWS\System32\DLMain.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
<WinlogonNotify: AtiExtEvent><Ati2evxx.dll> []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\pmkjh]
<WinlogonNotify: pmkjh><D:\WINDOWS\System32\pmkjh.dll> []
==================================
启动文件夹
[InterVideo WinCinema Manager]
<D:\Documents and Settings\All Users.WINDOWS\「开始」菜单\程序\启动\InterVideo WinCinema Manager.lnk><N>
==================================
服务
[Aol Instant Messenger / AIM]
<"D:\WINDOWS\system\aim.exe"><N/A>
[Ati HotKey Poller / Ati HotKey Poller]
<D:\WINDOWS\System32\Ati2evxx.exe><N/A>
[ATI Smart / ATI Smart]
<D:\WINDOWS\system32\ati2sgag.exe><>
[Gray_Pigeon_Server / GrayPigeonServer]
<D:\WINDOWS\G_Server.exe><N/A>
[MsLS32 / MsLS32]
<"D:\WINDOWS\MsLS32.exe"><N/A>
[P4P Service / P4P Service]
<D:\Program Files\Common Files\Sogou PXP\p2psvr.exe><Sohu.com Inc.>
[Cyberlink RichVideo Service(CRVS) / RichVideo]
<"D:\Program Files\Cyberlink\Shared files\RichVideo.exe"><>
[Service Hosts / ServiceHost]
<"D:\WINDOWS\shost.exe"><N/A>
[Windows Update Manager Tool / UpdateManagerTool]
<D:\WINDOWS\update\updmangr.exe /updatemgr><N/A>
[Win32 Kernel Update / Win32Kernel]
<"D:\WINDOWS\win32host.exe"><N/A>
jy02207205 - 2006-8-21 11:19:00
==================================
浏览器加载项
[Ad Engine]
{077FD0C3-1291-4104-A356-41E36B252682} <D:\Program Files\Yayad\AdCore.dll, CDM>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[QQBrowserHelperObject Class]
{54EBD53A-9BC1-480B-966A-843A333CA162} <D:\其他\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[]
{97324BE8-D10C-4C8B-BC7C-8CAA7400DAE6} <D:\WINDOWS\System32\pmkjh.dll, N/A>
[浩方对战平台]
{0A155D3C-68E2-4215-A47A-E800A446447A} <D:\其他\浩方对战平台\gameclient.exe, 上海浩方在线信息技术有限公司>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQIEFloatBarCfgCmd Class]
{DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} <D:\其他\QQ\QQIEHelper.dll, 深圳市腾讯计算机系统有限公司>
[电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <D:\WINDOWS\System32\msdxm.ocx, Microsoft Corporation>
[雅虎助手]
{406F94F0-504F-4a40-8DFD-58B0666ABEBD} <D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll, Yahoo!>
[MMCPlayer Class]
{05C1004E-2596-48E5-8E26-39362985EEB9} <D:\WINDOWS\Downloaded Program Files\MMCShell.dll, Sohu.com Inc.>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <D:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[上传到QQ网络硬盘]
<D:\其他\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<D:\其他\网快车\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<D:\其他\网快车\FlashGet\jc_all.htm, N/A>
[添加到QQ自定义面板]
<D:\其他\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<D:\其他\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<D:\其他\QQ\SendMMS.htm, N/A>
[雅虎搜索]
<res://D:\PROGRA~1\Yahoo!\ASSIST~1\Assist\yasbar.dll/246, N/A>
jy02207205 - 2006-8-21 11:20:00
==================================
正在运行的进程
[PID: 444][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[PID: 504][\??\D:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 528][\??\D:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\system32\Ati2evxx.dll] <N/A><N/A>
[D:\WINDOWS\System32\pmkjh.dll] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 768][D:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 780][D:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 952][D:\WINDOWS\System32\Ati2evxx.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 984][D:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1096][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1364][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1416][D:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1524][D:\WINDOWS\system32\Ati2evxx.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1600][D:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\System32\pmkjh.dll] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\System32\DLMon.dll] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 4, 1044>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 0, 1006>
[D:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[PID: 1752][D:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.1.2600.0 (XPClient.010817-1148)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1984][D:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] <ATI Technologies, Inc.><6.14.10.5090>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] <ATI Technologies, Inc.><6.14.10.5090>
[D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.CHS] <ATI Technologies, Inc.><6.14.10.5090>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] <ATI Technologies, Inc.><6.14.10.5090>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1992][D:\PROGRA~1\Yahoo!\ASSIST~1\YLive.exe] < ><2, 0, 0, 1002>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 4, 1044>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 0, 1006>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Ynotifier.dll] <><1, 0, 0, 5>
[PID: 2036][D:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe] <NVIDIA Corporation><1.0.444>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\Program Files\NVIDIA Corporation\NvMixer\NvMixerZHC.dll] <NVIDIA Corporation><1.0.444>
[D:\Program Files\Common Files\NVIDIA Shared\Audio\NVAudioMod.dll] <NVIDIA Corporation><1.0.444>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 2044][D:\其他\天网防~1\Firewall\pfw.exe] <广州众达天网技术有限公司><2.7.7.1004>
[D:\其他\天网防~1\Firewall\SKYMISC.DLL] <N/A><N/A>
[D:\其他\天网防~1\Firewall\COMPRESSWRAP.DLL] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 188][D:\WINDOWS\System32\mssvcc.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 196][D:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3510>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 240][D:\WINDOWS\System32\win32update.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 288][D:\Program Files\VVSN\VVSN.exe] <WhenU.com><1, 0, 1, 5>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
jy02207205 - 2006-8-21 11:21:00
[PID: 316][D:\其他\DAEMON Tools\daemon.exe] <DT Soft Ltd.><4.03.0.0>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\其他\DAEMON Tools\daemon.dll] <DT Soft Ltd.><4.03.0.0>
[D:\其他\DAEMON Tools\PFCTOC.DLL] <Padus(R), Inc.><1, 0, 0, 12>
[D:\其他\DAEMON Tools\Plugins\Images\bw5mount.dll] <N/A><1.0.6.0>
[D:\其他\DAEMON Tools\Plugins\Images\ccdmount.dll] <GENERIC><1.10.0.0>
[D:\其他\DAEMON Tools\Plugins\Images\mdsmount.dll] <GENERIC><1.12.0.0>
[D:\其他\DAEMON Tools\Plugins\Images\nrgmount.dll] <GENERIC><1.11.0.0>
[D:\其他\DAEMON Tools\Plugins\Images\pdimount.dll] <GENERIC><1.01.0.0>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 348][D:\WINDOWS\System32\winsystems.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 364][D:\WINDOWS\System32\win32sprot.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 380][D:\WINDOWS\System32\secure32.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 428][D:\WINDOWS\System32\win32bootcfg.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 320][D:\WINDOWS\System32\Rundll32.exe] <Microsoft Corporation><5.1.2600.0 (xpclient.010817-1148)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 580][D:\WINDOWS\System32\lssas.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 620][D:\WINDOWS\System32\intec32.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 704][D:\其他\1234\PDVDServ.exe] <Cyberlink Corp.><5.00.0910>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\其他\1234\CLRCEngine3.dll] <CyberLink Corp.><4, 5, 0, 1711>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1348][D:\WINDOWS\System32\ctfmon.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 2004][D:\其他\Common\Bin\WinCinemaMgr.exe] <InterVideo Inc.><1.8.2>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 480][D:\WINDOWS\system\aim.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1056][D:\WINDOWS\MsLS32.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1088][D:\Program Files\Yayad\AdPop.Exe] <CDM><1.0.0.1>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\Program Files\Yayad\autoupdate.dll] <CDM><1.0.0.1>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1480][D:\Program Files\Cyberlink\Shared files\RichVideo.exe] <><1.1.0808 >
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1976][D:\WINDOWS\shost.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 1924][D:\WINDOWS\update\updmangr.exe] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[PID: 1672][D:\WINDOWS\win32host.exe] <N/A><N/A>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 9100][D:\WINDOWS\system32\sysdtc32.exe] <Microsoft Corporation><5, 1 2600, 0 (windows client)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[PID: 2168][D:\其他\tt\TTraveler.exe] <腾讯公司><3.1.0.256>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 4, 1044>
[D:\其他\tt\Plugins\QQFloatBar\QQFloatBar4TT2.dll] <腾讯公司><1, 1, 0, 5>
[D:\其他\tt\Plugins\TWeather\TWeather.dll] <><1, 0, 0, 3>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 0, 1006>
[D:\其他\tt\PersonalDesktop.dll] <深圳市腾讯计算机系统公司QQ工作小组><1, 0, 0, 4>
[D:\WINDOWS\System32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[PID: 4148][D:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.2800.1106 (xpsp1.020828-1920)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[D:\PROGRA~1\Yahoo!\ASSIST~1\yscrblock.dll] <Yahoo><1, 0, 1, 1000>
[D:\PROGRA~1\Yahoo!\ASSIST~1\YAlive.dll] <><2, 1, 4, 1044>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yalliveex.dll] < ><2, 0, 0, 1006>
[D:\Program Files\Yayad\AdCore.dll] <CDM><1.0.0.1>
[D:\其他\QQ\QQIEHelper.dll] <深圳市腾讯计算机系统有限公司><1, 1, 0, 5>
[D:\WINDOWS\System32\pmkjh.dll] <N/A><N/A>
[PID: 39116][D:\WINDOWS\System32\conime.exe] <Microsoft Corporation><5.1.2600.1106 (xpsp1.020828-1920)>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
[PID: 56884][D:\其他\sreng2\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[D:\WINDOWS\KB455373M.LOG] <N/A><N/A>
[D:\WINDOWS\G_Server_Hook.DLL] <N/A><N/A>
[D:\WINDOWS\DOWNLO~1\CnsMin.dll] <北京三七二一科技有限公司><1, 5, 3, 1>
[D:\PROGRA~1\Yahoo!\ASSIST~1\Yhelper.dll] <><2, 0, 0, 1013>
==================================
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["D:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
风在都市 - 2006-8-21 11:49:00
The system I'm using is a server, so the scan results are rather cluttered.
2006-08-21,11:34:37
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Enterprise Edition (Build 3790)
- 管理权限用户 - 完整功能
以下内容被选中:
所有的启动项目(包括注册表、启动文件夹、服务等)
启动项目
注册表
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
<ctfmon.exe><C:\WINDOWS\system32\ctfmon.exe> [Microsoft Corporation]
<PhMain><C:\Program Files\PeanutHull3\Phmain.exe> [广东网域]
<ScanRegistry><C:\Program Files\Common Files\update\update.exe> []
<3721><; C:\$NtUninstallQ5926809$\3721.bat> []
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<load><> []
<run><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
<icd><"C:\Program Files\icd\Icd.exe"> [编程小屋 http://www.bcxw.com]
<TkBellExe><"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot> [RealNetworks, Inc.]
<iSpirit><C:\Program Files\ispirit\ispirit.exe> [北京极限通科技有限公司]
<NTdhcp><C:\WINDOWS\system32\NTdhcp.exe> []
<p5u2><RunDll32 "C:\WINDOWS\Downlo~1\p5u2.dll",Run> [Microsoft Corporation]
<SearchNet_Up><C:\Program Files\SearchNet\ServeUp.exe> [中搜在线]
<CdnCtr><8V-x?> []
<SrvNet32><RunDll32 "C:\Program Files\SearchNet\SrvNet32.dll",Run> []
<MyOASMS><; C:\Program Files\MYOASMS\MyOASMS.exe -1 -2> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
<CheckFaultKernel><C:\WINDOWS\system32\mswdm.exe> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<shell><Explorer.exe> [Microsoft Corporation]
<Userinit><C:\WINDOWS\system32\userinit.exe,> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
<AppInit_DLLs><> []
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
<UIHost><%SystemRoot%\system32\logonui.exe> [Microsoft Corporation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
<{32CD708B-60A7-4C00-9377-D73EAA495F0F}><C:\WINDOWS\system32\RavExt.dll> [Beijing Rising Technology Co., Ltd.]
<{288BD9BD-F0DC-46B1-81B5-2B61DF8077CE}><C:\WINDOWS\system32\CC.dll> []
<{F3D0D422-CE6D-47B3-9CE6-C54DD63F1ADB}><C:\Program Files\Internet Explorer\PLUGINS\new123.sys> []
<{CF49F9F2-A8D3-464F-83EC-6AFC6573C267}><C:\WINDOWS\system32\jhcmd2.dll> []
==================================
启动文件夹
[Adobe Reader Speed Launch]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\Adobe Reader Speed Launch.lnk><N>
[极限应用服务监视器]
<C:\Documents and Settings\All Users\「开始」菜单\程序\启动\极限应用服务监视器.lnk><N>
==================================
服务
[C-DillaCdaC11BA / C-DillaCdaC11BA]
<C:\WINDOWS\system32\drivers\CDAC11BA.EXE><Macrovision>
[IMA_Server / IMA_Server]
<d:\MYOA\IMA\IMAServer.exe><N/A>
[Macromedia Licensing Service / Macromedia Licensing Service]
<"C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe"><N/A>
[MeChat / MeChat]
<d:\MYOA\MeChat\MeChat.exe><N/A>
[MySQL_OA / MySQL_OA]
<D:\MYOA\mysql\bin\mysqld-nt.exe MySQL_OA><N/A>
[OA_Service / OA_Service]
<"d:\MYOA\bin\apache.exe" -k runservice><Apache Software Foundation>
[PeanuthullCore / PeanuthullCore]
<C:\Program Files\PeanutHull3\PhCore.exe -service><广东网域>
[88IP V6.0 Service / PRO88IPService]
<C:\Program Files\CasinTech\88ip Client\88ip.exe><N/A>
[Rising Proxy Service / RfwProxySrv]
<d:\program files\rising\rfw\rfwproxy.exe><Beijing Rising Technology Co., Ltd.>
[Rising Personal Firewall Service / RfwService]
<d:\program files\rising\rfw\rfwsrv.exe><Beijing Rising Technology Co., Ltd.>
[Rising Process Communication Center / RsCCenter]
<"C:\Program Files\Rising\Rav\CCenter.exe"><Beijing Rising Technology Co., Ltd.>
[RsRavMon Service / RsRavMon]
<"C:\Program Files\Rising\Rav\Ravmond.exe"><Beijing Rising Technology Co., Ltd.>
==================================
浏览器加载项
正在运行的进程
文件关联
Winsock 提供者
==================================
风在都市 - 2006-8-21 11:50:00
2006-08-21,11:34:47
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Enterprise Edition (Build 3790)
- 管理权限用户 - 完整功能
以下内容被选中:
浏览器加载项
启动项目
注册表
启动文件夹
服务
==================================
浏览器加载项
[Adobe PDF Reader Link Helper]
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} <C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll, Adobe Systems Incorporated>
[Zhongsou Browser Helper]
{2A0176FE-008B-4706-90F5-BBA532A49731} <C:\Program Files\SearchNet\SNHpr.dll, Beijing Zhongsou Online Software>
[IE Browser Helper]
{3CE496D1-1746-41CD-9489-3C0B93DF10E2} <C:\WINDOWS\Downlo~1\eb9p1vq.dll, 中搜在线软件有限公司>
[Google Toolbar Helper]
{AA58ED58-01DD-4d91-8333-CF10577473F7} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[AlxTB BHO Class]
{F1FABE79-25FC-46de-8C5A-2C6DB9D64333} <C:\WINDOWS\system32\AlxTB1.dll, N/A>
[@shdoclc.dll,-866]
{c95fe080-8f5d-11d2-a20b-00aa003c157a} <, N/A>
[QQ]
{c95fe080-8f5d-11d2-a20b-00aa003c157b} <C:\Program Files\Tencent\QQ\QQ.EXE, N/A>
[FlashGet Bar]
{E0E899AB-F487-11D5-8D29-0050BA6940E3} <C:\PROGRA~1\FlashGet\fgiebar.dll, Amaze Soft>
[@msdxmLC.dll,-1@2052,电台(&R)]
{8E718888-423F-11D2-876E-00A0C9082467} <C:\WINDOWS\system32\msdxm.ocx, Microsoft Corporation>
[ICQ Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} <C:\Program Files\ICQToolbar\toolbaru.dll, ICQ Inc.>
[&Google]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} <c:\program files\google\googletoolbar3.dll, Google Inc.>
[NTKO Office文档控件]
{01DFB4B4-0E07-4E3F-8B7A-98FD6BFF153F} <C:\Program Files\NTKO SOFTWARE\OfficeControl\OfficeControl.ocx, 千航网络[NTKO SOFTWARE]Email: tanger@ntko.com>
[NetCamPlayerWeb Control]
{1D9EFA3B-4E85-41A8-9092-14012CD447C9} <C:\WINDOWS\DOWNLO~1\NETCAM~1.OCX, >
[NetCamPlayerWeb11g Control]
{4A026B12-94F3-4D2F-A468-96AA55DE20A5} <C:\WINDOWS\DOWNLO~1\NETCAM~2.OCX, Sercomm>
[ICCard Control]
{4AB8AC1A-AE97-49FF-A74C-1F3C0CFC9870} <C:\WINDOWS\DOWNLO~1\CoolRun.ocx, 北京极限通软件研发中心>
[MSN Photo Upload Tool]
{4F1E5B1A-2A80-42CA-8532-2D05CB959537} <C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll, Microsoft? Corporation>
[天下搜索]
{56A7DC70-E102-4408-A34A-AE06FEF01586} <, N/A>
[ProfileAccessCtrl Class]
{8A96EAE5-D262-4226-A517-304C88B53F1F} <C:\WINDOWS\Downloaded Program Files\ProfileAccess.dll, >
[iWebOffice2006 Control]
{8B23EA28-723C-402F-92C4-59BE0E063499} <C:\WINDOWS\DOWNLO~1\ioDoc.ocx, >
[LiveMediaOcx Control]
{9242BB35-0DB0-43AC-8DFC-8EA07E63B92A} <C:\PROGRA~1\Tencent\QQLIVE~1\QQLive.ocx, >
[NvsViewer Class]
{99A7E374-3E8E-4C78-A054-25522DC03DA2} <C:\WINDOWS\system32\NVSViewer.dll, CYNIX Inc.>
[Update Class]
{9F1C11AA-197B-4942-BA54-47A8489BB47F} <C:\WINDOWS\system32\iuctl.dll, Microsoft Corporation>
[MeChatU Class]
{BE9D5F13-40C1-44CA-9950-B9211E4B60DD} <C:\WINDOWS\Downloaded Program Files\MeChatUser.dll, >
[NTKO OFFICE文档控件]
{C9BC4DFF-4248-4A3C-8A49-63A7D317F404} <C:\WINDOWS\Downloaded Program Files\OfficeControl.ocx, 千航网络[NTKO SOFTWARE] WEB:http://www.ntko.com Email: tanger@ntko.com>
[Shockwave Flash Object]
{D27CDB6E-AE6D-11CF-96B8-444553540000} <C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx, Macromedia, Inc.>
[PSVRecImage Control]
{E111B6BD-3B91-410E-A989-F3392676AF34} <C:\WINDOWS\DOWNLO~1\PSVREC~1.OCX, Pixord>
[HCNetVideo Control]
{F030F48F-CD67-45D1-B622-A5D88A7BCFE9} <C:\WINDOWS\system32\HCNETV~1.OCX, >
[Hqext Control]
{FE70C9C0-FB4D-4225-A50D-F967EC8FC54A} <C:\WINDOWS\DOWNLO~1\hqext.ocx, aljoin>
[Google 搜索(&G)]
<res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html, N/A>
[上传到QQ网络硬盘]
<C:\Program Files\Tencent\QQ\AddToNetDisk.htm, N/A>
[使用网际快车下载]
<C:\Program Files\FlashGet\jc_link.htm, N/A>
[使用网际快车下载全部链接]
<C:\Program Files\FlashGet\jc_all.htm, N/A>
[导出到 Microsoft Excel(&x)]
<res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000, N/A>
[添加到QQ自定义面板]
<C:\Program Files\Tencent\QQ\AddPanel.htm, N/A>
[添加到QQ表情]
<C:\Program Files\Tencent\QQ\AddEmotion.htm, N/A>
[用QQ彩信发送该图片]
<C:\Program Files\Tencent\QQ\SendMMS.htm, N/A>
==================================
正在运行的进程
文件关联
Winsock 提供者
==================================
风在都市 - 2006-8-21 11:50:00
2006-08-21,11:35:58
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Enterprise Edition (Build 3790)
- 管理权限用户 - 完整功能
以下内容被选中:
文件关联
启动项目
注册表
启动文件夹
服务
==================================
浏览器加载项
正在运行的进程
文件关联
.TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE OK. ["%1" %*]
.COM OK. ["%1" %*]
.PIF OK. ["%1" %*]
.REG OK. [regedit.exe "%1"]
.BAT OK. ["%1" %*]
.SCR OK. ["%1" /S]
.CHM OK. ["C:\WINDOWS\hh.exe" %1]
.HLP OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK OK. [{00021401-0000-0000-C000-000000000046}]
==================================
Winsock 提供者
==================================
风在都市 - 2006-8-21 11:56:00
2006-08-21,11:35:39
System Repair Engineer 2.0.21.505 (2.0 RC 2)
Smallfrogs (http://www.KZTechs.com)
Windows Server 2003 Enterprise Edition (Build 3790)
- 管理权限用户 - 完整功能
以下内容被选中:
正在运行的进程(包括进程模块信息)
启动项目
注册表
启动文件夹
服务
==================================
浏览器加载项
正在运行的进程
[PID: 364][\SystemRoot\System32\smss.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[PID: 412][\??\C:\WINDOWS\system32\csrss.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 436][\??\C:\WINDOWS\system32\winlogon.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[PID: 480][C:\WINDOWS\system32\services.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[PID: 516][C:\WINDOWS\system32\lsass.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 676][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 728][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 900][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 932][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 944][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1140][C:\WINDOWS\system32\spoolsv.exe] <Microsoft Corporation><5.2.3790.346 (srv03_gdr.050610-1523)>
[C:\WINDOWS\system32\adimon.dll] <Autodesk, Inc.><3,0,14,176>
[C:\WINDOWS\system32\heidi3.dll] <Autodesk, Inc.><3,0,14,176>
[C:\WINDOWS\system32\spool\PRTPROCS\W32X86\IAProcessor.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[C:\WINDOWS\system32\spool\PRTPROCS\W32X86\vprproc.dll] <Windows (R) 2000 DDK provider><5.00.2195.1620>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[PID: 1164][C:\WINDOWS\system32\netdde.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[PID: 1240][C:\WINDOWS\system32\msdtc.exe] <Microsoft Corporation><2001.12.4720.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1336][C:\WINDOWS\System32\alg.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1348][C:\WINDOWS\system32\drivers\CDAC11BA.EXE] <Macrovision><4.20.020>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1384][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1440][C:\WINDOWS\system32\inetsrv\inetinfo.exe] <Microsoft Corporation><6.0.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1496][d:\MYOA\MeChat\MeChat.exe] <N/A><N/A>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1588][D:\MYOA\mysql\bin\mysqld-nt.exe] <N/A><N/A>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1612][C:\WINDOWS\system32\ntfrs.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1640][d:\MYOA\bin\apache.exe] <Apache Software Foundation><2.0.55>
[d:\MYOA\bin\libapr.dll] <Apache Software Foundation><0.9.7>
[d:\MYOA\bin\libaprutil.dll] <Apache Software Foundation><0.9.7>
[d:\MYOA\bin\libapriconv.dll] <Apache Software Foundation><0.9.7>
[d:\MYOA\bin\libhttpd.dll] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_access.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_actions.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_alias.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_asis.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_auth.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_autoindex.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_dir.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_env.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_include.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_log_config.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_mime.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_negotiation.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_setenvif.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_cgi.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_isapi.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\bin\sapi\php4apache2.dll] <N/A><N/A>
[d:\MYOA\bin\php4ts.dll] <The PHP Group><4.3.10.10>
[D:\MYOA\bin\mmcache.dll] <N/A><N/A>
[D:\MYOA\bin\ZendOptimizer.dll] <N/A><N/A>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[d:\MYOA\bin\php_gd2.dll] <N/A><N/A>
[d:\MYOA\bin\php_iconv.dll] <N/A><N/A>
[d:\MYOA\bin\iconv.dll] <Free Software Foundation><1.9>
[PID: 1660][C:\Program Files\PeanutHull3\PhCore.exe] <广东网域><1, 0, 0, 13>
[C:\Program Files\PeanutHull3\PhAlive.dll] <广东网域><1, 0, 1, 26>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[PID: 1692][C:\WINDOWS\system32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1740][C:\WINDOWS\System32\snmp.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1756][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 1940][C:\WINDOWS\system32\Dfssvc.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 2016][d:\MYOA\IMA\IMAServer.exe] <N/A><N/A>
[d:\MYOA\IMA\crypt.dll] <N/A><N/A>
[d:\MYOA\IMA\CC3260MT.DLL] <Borland Corporation><0.0.0.0 (informal build)>
[d:\MYOA\IMA\libmysql.dll] <N/A><N/A>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 216][C:\WINDOWS\System32\svchost.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 2128][D:\MYOA\bin\apache.exe] <Apache Software Foundation><2.0.55>
[D:\MYOA\bin\libapr.dll] <Apache Software Foundation><0.9.7>
[D:\MYOA\bin\libaprutil.dll] <Apache Software Foundation><0.9.7>
[D:\MYOA\bin\libapriconv.dll] <Apache Software Foundation><0.9.7>
[D:\MYOA\bin\libhttpd.dll] <Apache Software Foundation><2.0.55>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[D:\MYOA\modules\mod_access.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_actions.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_alias.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_asis.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_auth.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_autoindex.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_dir.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_env.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_include.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_log_config.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_mime.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_negotiation.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_setenvif.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_cgi.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\modules\mod_isapi.so] <Apache Software Foundation><2.0.55>
[D:\MYOA\bin\sapi\php4apache2.dll] <N/A><N/A>
[D:\MYOA\bin\php4ts.dll] <The PHP Group><4.3.10.10>
[D:\MYOA\bin\mmcache.dll] <N/A><N/A>
[D:\MYOA\bin\ZendOptimizer.dll] <N/A><N/A>
[D:\MYOA\bin\php_gd2.dll] <N/A><N/A>
[D:\MYOA\bin\php_iconv.dll] <N/A><N/A>
[D:\MYOA\bin\iconv.dll] <Free Software Foundation><1.9>
风在都市 - 2006-8-21 11:58:00
[PID: 3280][C:\WINDOWS\system32\wbem\wmiprvse.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 3908][C:\WINDOWS\Explorer.EXE] <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\Program Files\SearchNet\SrvNet32.dll] <中搜在线><1, 0, 2, 7>
[C:\WINDOWS\system32\RavExt.dll] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 21>
[C:\WINDOWS\Downlo~1\eb9p1vq.dll] <中搜在线软件有限公司><2, 0, 2, 5>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll] <Adobe Systems, Inc.><7.0.0.0>
[C:\Program Files\WinRAR\rarext.dll] <N/A><N/A>
[C:\Program Files\Rising\Rav\RSCOMMON.DLL] <Beijing Rising Technology Co., Ltd.><18, 0, 0, 4>
[C:\Program Files\ICQLite\ICQLiteShell.dll] <><20, 34, 2321, 0>
[C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll] <Adobe Systems Incorporated><7.0.7.2006011200>
[PID: 3972][C:\Program Files\icd\Icd.exe] <编程小屋 http://www.bcxw.com><1.72>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\Program Files\icd\icd.dll] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[PID: 3820][C:\Program Files\Common Files\Real\Update_OB\realsched.exe] <RealNetworks, Inc.><0.1.0.3292>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[PID: 3796][C:\Program Files\ispirit\ispirit.exe] <北京极限通科技有限公司><2, 0, 0, 0>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[PID: 3584][C:\WINDOWS\system32\NTdhcp.exe] <N/A><N/A>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[PID: 3548][C:\WINDOWS\system32\ctfmon.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[PID: 312][C:\Program Files\PeanutHull3\Phmain.exe] <广东网域><3, 1, 0, 42>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\Program Files\PeanutHull3\PhRes.dll] <广东网域><1, 0, 8, 1>
[C:\Program Files\PeanutHull3\PhService.dll] <广东网域><1, 0, 1, 21>
[C:\Program Files\PeanutHull3\iconv.dll] <Free Software Foundation><1.9>
[C:\WINDOWS\PhIDNA.dll] <广东网域><1, 0, 0, 2>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[PID: 3268][D:\MYOA\bin\Monitor.exe] <N/A><N/A>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[PID: 1604][C:\Program Files\Internet Explorer\iexplore.exe] <Microsoft Corporation><6.00.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
[c:\program files\google\googletoolbar3.dll] <Google Inc.><3, 0, 131, 0>
[C:\Program Files\SearchNet\SNHpr.dll] <Beijing Zhongsou Online Software><1, 0, 0, 1>
[C:\WINDOWS\Downlo~1\eb9p1vq.dll] <中搜在线软件有限公司><2, 0, 2, 5>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[C:\WINDOWS\system32\Macromed\Flash\Flash8b.ocx] <Macromedia, Inc.><8,0,24,0>
[C:\Program Files\Common Files\Autodesk Shared\AcSignCore16.dll] <Autodesk><16.0.0.86>
[PID: 812][C:\DOCUME~1\ADMINI~1.OA\LOCALS~1\Temp\oprar.exe] <WHITEHOUSE><1.1.1.0>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\DOCUME~1\ADMINI~1.OA\LOCALS~1\Temp\7.dll] <Microsoft Corporation><5.00.1764.1>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\DOCUME~1\ADMINI~1.OA\LOCALS~1\Temp\packet.dll] <CACE Technologies><3, 1, 0, 27>
[C:\DOCUME~1\ADMINI~1.OA\LOCALS~1\Temp\WanPacket.dll] <CACE Technologies><3, 1, 0, 27>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[PID: 3532][C:\WINDOWS\system32\conime.exe] <Microsoft Corporation><5.2.3790.0 (srv03_rtm.030324-2048)>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[PID: 4964][E:\瑞星2006\SREng2\SREng.exe] <Smallfrogs Studio><2.0.21.505>
[C:\WINDOWS\yanga9_Hook.DLL] <N/A><N/A>
[C:\Program Files\Internet Explorer\PLUGINS\new123.sys] <N/A><N/A>
[C:\WINDOWS\yanga9Key.DLL] <N/A><N/A>
[C:\WINDOWS\system32\CC.dll] <N/A><N/A>
[C:\WINDOWS\system32\AcSignIcon.dll] <Autodesk><16.0.0.86>
==================================
文件关联
Winsock 提供者
==================================
newcenturymoon - 2006-8-21 11:58:00
Please upgrade your Rising to version 18.41; it can detect and remove this virus.
I haven't found a manual removal method yet. Give Rising a try.
风在都市 - 2006-8-21 12:03:00
Rising is updating, fingers crossed...
风在都市 - 2006-8-21 16:21:00
Rising actually got shut down! I can't see the Rising monitor umbrella icon, and the Rising main window closes the instant it flashes up. Looks like I'll have to wait until tonight and try it from Safe Mode.
风在都市 - 2006-8-24 17:20:00
my god!
NO!
changmio - 2006-8-24 18:15:00
I've got it too. What should I do...
© 2000 - 2026 Rising Corp. Ltd.